Public bug reported:
Hello,
As a OpenStack administrator I would like to federate flexible access policies
to Openstack projects from identity provider.
For example, I have projects Green and Red, and Admin and User roles. From
identity provider Keystone receives an array like: "Green_Admin;Red_User". And
there is no way to specify rule "If idp gives Green_Admin and Red_User then set
role Admin for project Green, and role User for project Red".
I tried to implement "full match" logic with something like:
any_one_of: Green_Admin
any_one_of: Red_User
not_any_of: Green_User, Red_Admin
But in real life example with a dozen of projects and several roles I ended up
with 50MB mappings JSON that Keystone can't accept.
Best Regards,
Alex.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2039269
Title:
Implement full_match mapping compination matching rule
Status in OpenStack Identity (keystone):
New
Bug description:
Hello,
As a OpenStack administrator I would like to federate flexible access
policies to Openstack projects from identity provider.
For example, I have projects Green and Red, and Admin and User roles. From
identity provider Keystone receives an array like: "Green_Admin;Red_User". And
there is no way to specify rule "If idp gives Green_Admin and Red_User then set
role Admin for project Green, and role User for project Red".
I tried to implement "full match" logic with something like:
any_one_of: Green_Admin
any_one_of: Red_User
not_any_of: Green_User, Red_Admin
But in real life example with a dozen of projects and several roles I ended
up with 50MB mappings JSON that Keystone can't accept.
Best Regards,
Alex.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2039269/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
